
Re: [libvir] [PATCH] Bad permissions on /var/run/libvirt/



On Mon, Apr 21, 2008 at 08:47:38PM +0400, Anton Protopopov wrote:
> 2008/4/21, Daniel Veillard <veillard redhat com>:
> >
> > On Mon, Apr 21, 2008 at 01:06:02PM +0400, Anton Protopopov wrote:
> > > 2008/4/17, Daniel Veillard <veillard redhat com>:
> > > >
> > > > On Mon, Apr 14, 2008 at 07:37:56PM +0400, Anton Protopopov wrote:
> > > > > Hi,
> > > > >
> > > > > Non-root can't use /var/run/libvirt/libvirt-sock even in the case
> > > > > "unix_sock_group" and "unix_sock_rw_perms" are set properly.
> > > > >
> > > > > The reason:
> > > > >    # ls -l /var/run /var/run/libvirt | grep libvirt | grep -v pid
> > > > >    drwx------ 2 root root   4096 Apr 14 19:14 libvirt
> > > > >    srwxrwx--- 1 root libvirt 0 Apr 14 19:14 libvirt-sock
> > > > >    srwxrwxrwx 1 root libvirt 0 Apr 14 19:14 libvirt-sock-ro
> > > > >
> > > > > i.e., bad permissions on /var/run/libvirt
> > > >
> > > >
> > > >   Hum, how did you get this ? Maybe this is more a packaging problem than
> > > > anything else
> > >
> > >
> > > Yes, it was, sorry...
> >
> >
> >   So do you think the patch really makes sense in a more general
> > way. Except for the group from the configuration this looks like
> > the wrong way to fix this.
> >
> >   Do you agree ? If yes what about making a subset of the patch just
> > for the socket group rights ?
> >
> >
> > Daniel
> 
> 
> Well, I think that there were two decisions:
> 
> First one is to change the permissions of /var/run/libvirt to 0750 (by
> specifying it in spec) and then change the group ownership of this directory
> in main(), right after the call to remoteReadConfigFile(). That must be done
> in main() because one can set "unix_sock_group" to non-root and then remove
> config file.
> 
> The other (simple) one is to leave it as is :)
> 
> If you want, I can make a patch to fix the first case

  Okay, I take patches :-)

    thanks !

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/
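
The failure discussed in this thread, modelled as an added example (not libvirt code and not written by any poster): connecting to a UNIX socket needs search permission on every directory in the path as well as write permission on the socket, so `drwx------ root root` on /var/run/libvirt blocks libvirt group members no matter what `unix_sock_rw_perms` says. The uid/gid numbers, the user "alice", the 0755 mode on /var/run and all function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed ids for the example; real values come from /etc/passwd and /etc/group. */
enum { GID_LIBVIRT = 500, UID_ALICE = 1000, GID_ALICE = 1000 };
struct node { mode_t mode; uid_t uid; gid_t gid; };   /* what stat() would report */
struct cred { uid_t uid; const gid_t *groups; size_t ngroups; };

/* Classic UNIX DAC: exactly one class (owner, group or other) is consulted. */
static bool dac_allows(const struct node *n, const struct cred *c, mode_t want)
{
    mode_t bits = n->mode & 7;                         /* other */
    if (c->uid == 0)
        return true;                                   /* simplified root override */
    if (c->uid == n->uid) {
        bits = (n->mode >> 6) & 7;                     /* owner */
    } else {
        for (size_t i = 0; i < c->ngroups; i++)
            if (c->groups[i] == n->gid)
                bits = (n->mode >> 3) & 7;             /* group */
    }
    return (bits & want) == want;
}

/* connect() needs search (x = 1) on each directory and write (w = 2) on the socket. */
static bool can_connect(const struct node *dirs, size_t ndirs,
                        const struct node *sock, const struct cred *c)
{
    for (size_t i = 0; i < ndirs; i++)
        if (!dac_allows(&dirs[i], c, 1))
            return false;
    return dac_allows(sock, c, 2);
}

/* Scenario from the listing: libvirt-sock is srwxrwx--- root:libvirt. */
bool user_can_connect(mode_t dir_mode, gid_t dir_gid, bool in_libvirt_group)
{
    const gid_t groups[] = { GID_ALICE, GID_LIBVIRT };
    struct cred alice = { UID_ALICE, groups, in_libvirt_group ? 2 : 1 };
    struct node dirs[] = { { 0755, 0, 0 },             /* /var/run, mode assumed */
                           { dir_mode, 0, dir_gid } }; /* /var/run/libvirt */
    struct node sock = { 0770, 0, GID_LIBVIRT };
    return can_connect(dirs, 2, &sock, &alice);
}

int main(void)
{
    printf("0700 root:root: %d, 0750 root:libvirt: %d\n",
           user_can_connect(0700, 0, true), user_can_connect(0750, GID_LIBVIRT, true));
    return 0;
}
```

Mode 0750 alone is not enough: with the directory still owned by group root, the group member is denied, which is why the proposal pairs the mode change with a group ownership change.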

